Possible Denial-of-Service (DoS) Vulnerability in Spring Framework Versions 6.0.15 and 6.1.2
CVE-2024-22233
What is CVE-2024-22233?
Inversions 6.0.15 and 6.1.2 of the Spring Framework, a vulnerability exists that could allow an attacker to execute specially crafted HTTP requests, potentially leading to a denial-of-service condition. This risk arises when an application based on Spring MVC is paired with specific versions of Spring Security (6.1.6 or higher, and 6.2.1 or higher) on the classpath. Such configurations are typical in Spring Boot applications that incorporate certain dependencies, namely org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security, increasing the likelihood of exposure. Developers utilizing these frameworks should assess existing implementations to mitigate risks associated with this vulnerability.
Affected Version(s)
Spring Framework 6.1.2
Spring Framework 6.0.15
News Articles
GitHubCVE-2024-22233CVE-2024-22233 - GitHub Advisory Database
GitHub is where people build software. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects.
Spring Framework Fixes Severe DoS Vulnerability in Latest Releases - Cyber Kendra
A Critical Security Flaw Uncovered in Popular Java Framework Spring
Penetration TestingCVE-2024-22233: A high-severity Spring Framework Vulnerability
CVE-2024-22233 (CVSS 7.5) allows an attacker to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition
References
CVSS V3.1
Timeline
- đź“°
First article discovered by Penetration Testing
Vulnerability published
Vulnerability Reserved